Information on the processing of personal data pursuant to Art. 13 of Reg. EU 2016/679 ("GDPR")

For full information pertaining to the processing of data as required by European Data Protection Regulation no. 2016/679 ("GDPR") and the applicable national laws on the processing of personal data, Italian Legislative Decree 196/2003 as amended, we invite you to carefully read our Privacy Policy, which applies in the event that you access this website and decide to browse it and/or use its services.

When does this policy apply?

This policy is provided and is valid only on this website ( and not for other websites that may be visited by the User through links on the website. OXIMET suggests consulting the privacy policies of all websites visited before disclosing any personal information.


The Data Controller of the data collected through this website is OXIMET S.R.L., with headquarters located at Viale Regina Pacis 200 - 41049 Sassuolo (MO) - Italy | VAT no. 08535020153 | EMAIL | TEL: +39 0536.800801 | FAX +39 0536.803295.

OXIMET guarantees that the processing of any personal data you might provide is done in compliance with your right to confidentiality. Therefore, the personal data you provide will be collected, recorded, processed electronically and online for the sole purpose of providing the services requested and may possibly be disclosed to third parties only for reasons related to the provision of those services.


When browsing this website, the Data Controller will process the following data:


The User is asked for personal data (e.g., first name, last name, email address, etc.) only if they wish to contact the company or make use of the services offered on this website. In such cases the User is provided with relevant information in this regard, and in cases where this is necessary is asked to provide consent. The data provided by the User will be processed in accordance with the purposes and methods set out in this policy. Unless otherwise specified, the processing of personal data will take place for as long as the data subject uses the Data Controller's website and the services provided therein. If consent is withdrawn, the personal data will be retained by the Data Controller for the purpose of proving the fulfillment of its obligations, until the statute of limitations for such obligations has passed.


Explicitly and voluntarily sending messages to the contact addresses published on the website or completing and submitting the contact form, results in the acquisition of the sender's contact details, as well as any personal data included in the messages. These data are processed for the following purposes and in accordance with the relevant legal basis for processing, for a storage period not exceeding what is necessary for the purposes they were collected and processed for.

Type of data processed: first name, last name, email, telephone, company, message.

Purpose of the processing: Handling of the request submitted by the User and the provision of the requested service (e.g., request for information, quotes, etc.).

Legal basis of the treatment: art. 6, para. 1), letter b) of the GDPR, the execution of pre-contractual measures at the request of the data subject. The processing is necessary to respond to requests received from the User.

Data retention: The User's requests and the data contained therein will be kept only as long as necessary to enable the Data Controller to handle the request and in any case as long as may be necessary to protect the interests of the Data Controller against any liability. At the end of this period, data that allow for the direct or indirect identification of an individual (such as first name, last name, email) will be anonymized and maintained in the form of aggregate data for statistical purposes.


Furthermore, data may be processed for additional purposes such as:

  • Contractual purposes related and instrumental to the establishment and management of customer relationships, such as the acquisition of information prior to the possible conclusion of a contract. In this case the data will be kept by the Data Controller for the time strictly functional to the performance of the requested service and the proper execution of the contractual relationship with the User. In any case, as these personal data are processed to provide the Services and enable the performance of the contractual relationship, the Data Controller may retain them for a longer period as may be necessary to protect the Data Controller's own interests against possible liability. At the end of this period, the data will be deleted.
  • Fulfilling the obligations envisaged by state laws, regulations and EU regulations, or provisions issued by authorities empowered to do so by law and by control or supervisory bodies (e.g., tax, accounting, administrative, etc.). In this case the data will be retained by the Data Controller for the period envisaged by specific legal obligations or applicable regulations.
  • The exercise of the Data Controller's rights in court and the management of any litigation.

Statistics: Collection of data and information in an aggregate and anonymous form solely to verify the proper operation of the website, with a view to continuous improvement.

None of this information is related to the physical person-User of the website, and it does not in any way allow their identification.

Security: Collection of data and information in order to protect the security of the website and users (spam filters, firewalls, virus detection) and to prevent or expose fraud or abuse against the website.

The data, including the domain names of the computers used by Users who connect to the website, the addresses of the requested resources in URI (Uniform Resource Identifier) notation, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User's operating system and computer environment are recorded automatically and may possibly also include personal data (IP address) that could be used – in accordance with the relevant laws in force – to block attempts to damage the website or to cause damage to other users, or otherwise harmful or criminal activities. These data are never used for identifying or profiling the User and are periodically deleted.


Cookies are small text strings that websites visited by the User send to the User's terminal (usually to the browser), where they are stored and then transmitted back to those same websites the next time that User visits them. When browsing a website, the User may also receive cookies that are sent from different websites or web servers (so-called "third-party cookies") and associated with certain elements (such as for example images, maps, sounds, specific links to pages on other domains) on the website being visited. Cookies, which are usually present in users' browsers in very large numbers and sometimes with long durations, are used for a variety of purposes: allowing user authentication, monitoring sessions, storing information about specific settings selected by users who access the server, etc. For more details see the website’s Cookie Policy.


Users are free to decide whether or not to provide their personal data through this website and/or related services. Failure to provide the data specified on a case-by-case basis in the notices provided to the User may result in the inability to provide the service requested. Any information that is absolutely required to fulfill a request is specified to the User in advance.

Any refusal to provide certain data marked as required makes it impossible to pursue the main purpose of the data collection. Such a refusal could for example result in the impossibility for OXIMET to provide answers to the User, or other services that may be available on this website.

On the other hand, the provision to OXIMET of more information than was marked as essential is optional and does not entail any consequences with regard to the pursuit of the main purpose of the data collection.


The processing of personal data will always be governed by the principles of propriety, lawfulness, transparency, and protection of confidentiality through technical and organizational security measures to ensure an adequate level of protection and by security procedures to ensure the confidentiality, integrity, and availability of the data.


The personal data may be processed by the personnel tasked with the development and management of the website who are authorized to process them in order to achieve the previously stated purposes and who have committed themselves to confidentiality or signed a specific legal obligation of confidentiality.

The personal data will be processed by parties appointed as data processors as they process data on behalf of the Data Controller (e.g., parties with whom it is necessary to interact for the provision of the Services such as hosting providers, or parties delegated to perform technical maintenance including maintenance of network equipment and electronic communication networks, etc.).

The personal data may be shared with third parties with whom the Data Controller has ongoing contractual relationships involving the provision of services functional to business operations (e.g., companies or professional firms that provide assistance and consulting in accounting, administrative, legal, tax, financial and debt collection matters relating to the provision of the Services, etc.).

The data may be disclosed, even without consent, to all regulatory bodies tasked with performing audits and controls, such as the Revenue Agency, ministerial bodies and competent authorities, local authorities, and tax commissions of every order and degree, upon their express request, which will process them as autonomous data controllers for institutional purposes and/or under the law in the course of investigations and controls.

The personal data are not intended for publication or dissemination. The full list of designated external data processors is available from the Data Controller.

The data will be processed by the Data Controller in Italy and within the territory of the European Union and the European Economic Area. If for technical, organizational, and/or operational reasons it becomes necessary to make use of entities (from among those listed above) located outside the European Union or the European Economic Area, note that the Data Controller will ensure that the processing of data by such entities is done in compliance with applicable regulations. Therefore, transfers will be made using appropriate safeguards such as adequacy decisions, standard contractual clauses approved by the European Commission, or other safeguards deemed appropriate. The data subject may request more information by writing to the data controller's contacts listed at the beginning of this policy.


Articles 15 et seq. of the GDPR ascribe specific rights to data subjects.

Specifically, the right to obtain confirmation of the existence or otherwise of personal data, access to and rectification or erasure of personal data or restriction of their processing or to object to their processing, as well as the right to data portability, communication of such data and the purposes of such processing. Moreover, data subjects have the right to withdraw their consent at any time without prejudice to the lawfulness of any processing based on consent given before withdrawal, transformation into anonymous form or blocking of any data processed in violation of the law, as well as updating or, if there is an interest therein, completion of the data. Data subjects have the right to object to the processing itself on legitimate grounds.

The exercise of these rights is not subject to any time constraint and can be done free of charge by contacting the Data Controller at the addresses provided at the beginning of this notice by post and/or email.

Data subjects who believe that the processing of their personal data by this website is in violation of the provisions of the GDPR have the right to lodge a complaint with a supervisory authority (for Italy: Personal Data Protection Authority, as envisaged in Art. 77 of the GDPR, or to take appropriate legal action (Art. 79 of the GDPR).